Title: Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy

There is growing operational awareness of the challenges in securely operating
IPv6 networks. Through a measurement study of 520,000 dual-stack servers and
25,000 dual-stack routers, we examine the extent to which security policy
codified in IPv4 has also been deployed in IPv6. We find several high-value
target applications with a comparatively open security policy in IPv6
including: (i) SSH, Telnet, SNMP, are more than twice as open on routers in
IPv6 as they are in IPv4; (ii) nearly half of routers with BGP open were only
open in IPv6; and (iii) in the server dataset, SNMP was twice as open in IPv6
as in IPv4. We conduct a detailed study of where port blocking policy is being
applied and find that protocol openness discrepancies are consistent within
network boundaries, suggesting a systemic failure in organizations to deploy
consistent security policy. We successfully communicate our findings with
twelve network operators and all twelve confirm that the relative openness was
unintentional. Ten of the twelve immediately moved to deploy a congruent IPv6
security policy, reflecting real operational concern. Finally, we revisit the
belief that the security impact of this comparative openness in IPv6 is
mitigated by the infeasibility of IPv6 network-wide scanning-we find that, for
both of our datasets, host addressing practices make discovering these
high-value hosts feasible by scanning alone. To help operators accurately
measure their own IPv6 security posture, we make our probing system publicly
available.

Dr. Nicholas Weaver, ICSI & UC Berkeley, (July 18, 2013):

Title: Down the BitCoin Rabbit Hole

As part of our research into how attackers may monetize systems, we've begun
investigating BitCoin as both mining and theft are potential revenue sources.
This has lead us down the BitCoin rabbit hole, an amusing and weird world full
of excellent cryptography, impossible finance, and bat-S@#)(* insane economics.
Follow along on the fun tales of thefts, Winklevii, tracking, drug sales,
bubbles, Ponzi schemes, and cave- dwelling goldbugism in a "currency"
best described as a "dot.com stock without a sock puppet."

Chip Elliott, BBN Technologies, (April 19, 2012):

Title: GENI -- Global Environment for Network Innovations

The Global Environment for Network Innovations -- GENI -- is a suite of
research infrastructure, sponsored by the National Science Foundation, that is
rapidly taking shape within dozens of university campuses across the United
States. GENI enables deep programmability throughout the network, promoting
innovations in network security, technologies, services, and applications.
Researchers can install their own software deep into GENI to try out
large-scale experiments in future global systems that may or may not be
compatible with today's Internet. These experiments run inside different
GENI "slices," so that researchers can try out a variety of future
internets at the same time. GENI is now supporting a range of experiments
spanning the United States, and starting to ramp up for "at scale"
growth to 100-200 university campuses.

Dr. Kang Shin, University of Michigan, (February 3, 2012):

Title: E-MiLi: Energy-Minimizing Idle Listening in Wireless Networks

The WiFi interface is a primary energy consumer in mobile devices, and idle
listening (IL) is the dominant source of energy consumption in WiFi. Most
existing protocols, such as 802.11 power-saving mode (PSM), attempt to reduce
the time spent in IL by sleep scheduling. However, through an extensive
analysis of real-world traffic, we found that more than 60% of energy is
consumed in IL, even with PSM enabled. To remedy this problem, we propose
E-MiLi (Energy-Minimizing idle Listening), which reduces the power consumption
in IL, given that the time spent in IL has already been optimized by sleep
scheduling. Since radio power consumption decreases proportionally to its
clock-rate, E-MiLi adaptively down-clocks the radio during IL, and reverts to
full clock-rate when an incoming packet is detected or a packet has to be
transmitted. E-MiLi incorporates sampling rate invariant detection (SRID),
ensuring accurate packet detection and address filtering even when the
receiver's sampling clock-rate is much lower than the signal bandwidth.
Further, it employs an opportunistic down-clocking mechanism to optimize the
efficiency of switching clock-rate, based on a simple interface to existing
MAC-layer scheduling protocols. We have implemented E-MiLi on the USRP software
radio platform. Our experimental evaluation shows that E-MiLi can detect
packets with close to 100% accuracy even with down-clocking by a factor of 16.
When integrated with 802.11, E-MiLi can reduce energy consumption by around 44%
for 92% of users in real- world wireless networks. Joint work with Xinyu Zhang
presented at ACM MobiCom '11.

Dr. Nicholas Weaver, ICSI & UC Berkeley, (October 6, 2011):

Title: Serendipy and Spam

What happens when a large research group sets out read a billion
spams? A voyage of discovery through the underground economy which
provides a major economic driver for botnets, spam, and other
malfeasance. This talk describes the trip, including how we could
identify the major programs based on the internal structure of their
web pages, evaluate the (in)effectiveness of computer-infrastructure
takedown and effectiveness of financial disruption, learn how to
manage the press, discover what people purchase from spamvertized
pharmacies, and provide estimates on the total revenue derived from
(the V-word) spam.

Dr. Arthur Berger, Akamai Technologies, (September 29, 2011):

Title: Comparing Performance over IPv4 versus IPv6

As IPv4 address space gets tighter, there is increasing pressure to deploy
IPv6. The Internet Assigned Number Authority (IANA) allocated the last of the
available /8?s of the v4 address space to the Regional Internet Registries
(RIR?s) on February 3, 2011. Currently, the RIR's are restricting allocations
to cover only about 3 months of growth. A market for legacy v4 address has
begun: In March, 2011, as part of Nortel's bankruptcy, Microsoft bought 667,000
legacy v4 addresses for $11/address.

Since the transition to IPv6 will be slow, there will be a long period where
many end-points will be dual stack. Thus, the ability to pick the better
performing path over v4 versus v6 will be a valuable feature. We have done a
performance comparison of v4 versus v6 latency and loss, with results by
continent, and by tunneled versus native v6 addresses. Although overall
performance is better over v4, it is not always so; for example 10% of the time
the latency between the U.S. and Europe is shorter over v6 by at least 10 ms,
and to Asia is shorter by at least 38 ms. Latency and loss over v6 is in
general higher to tunneled v6 destinations, as compared with native. Somewhat
surprisingly, the latency and loss over _v4_ is also higher to nameservers
whose v6 interface is tunneled, as compared with nameservers whose v6 interface
is native. We conjecture that nameservers with a tunneled v6 interface are
more likely to be in smaller networks, lower down in the hierarchy. Thus, the
common observation that v6 latency is higher over tunnels is not due
exclusively to the poorer v6 architecture of tunnels, but also is partially due
to other factors, such as the topological location.

Dr. Grenville Armitage, Swinburne University, (June 9, 2011):

Title: A mixed-bag -- Some thoughts on TCP, network monitoring
using game engines, and helping online game players save their NATs from
exploding

The Centre for Advanced Internet Architectures at Swinburne University of
Technology has been dabbling in a range of networking-related research projects
in recent years. This talk will touch on the highlights of four projects --
experiments with "delay-gradient" TCP (to keep RTT down while being tolerant of
non-congestion loss), using "statelessTCP" for HTTP (serving small objects
while reducing server-side TCP state load), using consumer game engines to
create 3D worlds for monitoring and controlling network devices, and using
network coordinates to drastically reduce the UDP probe traffic emitted by home
game players when performing server discovery (thus eliminating exhaustion of
their gateway's NAT table).

Dr. Michal Pěchouček, Czech Technical University, (April 14, 2011):

Title:
Agent based computing in defense applications

Our current complex, decentralized and in parts adversarial environment provide
interesting research and technological challenges. The research field of
multiagent systems and agent based computing, which is grounded in computer
science, artificial intelligence and game theory, suggest a set of novel
approaches, algorithms and methodologies. In Agent Technology Center (ATC),
Czech Technical University, we study agent-based computing from theoretical and
application perspective. During my talk I will provide a brief introduction
into the four selected research activities in ATC: (i) free-flight oriented
UAV collision avoidance, (ii) trajectory-based civilian air traffic management,
(iii) maritime security applications and (iv) cybersecurity.

Dr. Craig Partridge, BBN Technologies, (October 19, 2010):

Title: Realizing the Future of Wireless Data Communications

Software radios will soon become cost-effective for commercial use. We,
unfortunately, have not done the research necessary to inform regulators,
technologists, manufacturers and consumers about their choices in the new world
that software radios enable. This talk sketches the potential of software
radios in a commercial marketplace and outlines the research that needs to
happen.

Center for Measurement and Analysis of Network Data | Based at the Naval Postgraduate School